The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets

Abstract:

Global Internet threats are undergoing a profound transformation from
attacks designed solely to disable infrastructure to those that also target
people and organizations. Behind these new attacks is a large pool of
compromised hosts sitting in homes, schools, businesses, and governments
around the world. These systems are infected with a bot that
communicates with a bot controller and other bots to form what is
commonly referred to as a zombie army or botnet. Botnets
are a very real and quickly evolving problem that is still not well
understood or studied. In this paper we outline the origins and structure
of bots and botnets and use data from the operator community, the Internet
Motion Sensor project, and a honeypot experiment to illustrate
the botnet problem today. We then study the effectiveness of detecting
botnets by directly monitoring IRC communication or other command and
control activity, and show that a more comprehensive approach is required.
We conclude by describing a system that detects botnets using advanced
command and control mechanisms by correlating secondary detection data from
multiple sources.
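The contrast drawn in the last two sentences, between watching the command and control channel directly and correlating secondary evidence from several sensors, can be illustrated with a small correlator. The following Python is an added example, not code from the paper or its authors, and it does not reproduce the system the paper describes. It assumes a constructed event feed with four indicator sources (an outbound IRC connection, a hit on an unused address block as a darknet sensor would record, an attack on a honeypot, and a suspicious DNS lookup), a per-host correlation window of one hour, and a threshold of two independent sources; all of these values are assumptions made for the example.

```python
from collections import defaultdict

# Assumed parameters for this example (not values taken from the paper).
WINDOW = 3600       # seconds: indicators must co-occur within one hour
MIN_SOURCES = 2     # independent indicator sources needed to flag a host

# Constructed sample events: (unix_time, host, source, detail).
# source is one of "irc", "darknet", "honeypot", "dns".
EVENTS = [
    (100,   "10.0.0.5",  "irc",      "connect 203.0.113.7:6667"),
    (900,   "10.0.0.5",  "darknet",  "400 SYNs to 198.51.100.0/24"),
    (200,   "10.0.0.9",  "darknet",  "sweep of 203.0.113.0/24 tcp/445"),
    (300,   "10.0.0.9",  "honeypot", "exploit attempt on honeypot tcp/445"),
    (20000, "10.0.0.9",  "dns",      "lookup of unusual domain"),
    (400,   "10.0.0.12", "irc",      "connect chat.example.net:6667"),   # a legitimate IRC user
    (50,    "10.0.0.20", "darknet",  "single probe of unused block"),
    (50000, "10.0.0.20", "irc",      "connect irc.example.org:6667"),    # far outside the window
]


def irc_only_detections(events):
    """Direct C&C monitoring: flag every host seen opening an IRC connection.

    This catches the bot on 10.0.0.5 but also the ordinary IRC users, and
    it sees nothing at all if the C&C channel is not IRC or is encrypted.
    """
    return sorted({host for _, host, src, _ in events if src == "irc"})


def correlated_detections(events, window=WINDOW, min_sources=MIN_SOURCES):
    """Secondary-evidence correlation: flag a host only when at least
    `min_sources` distinct indicator sources fire within `window` seconds.

    Returns {host: sorted list of co-occurring sources} for flagged hosts.
    A host with indicators spread far apart in time (10.0.0.20) is not
    flagged, nor is a host with a single indicator (10.0.0.12).
    """
    by_host = defaultdict(list)
    for ts, host, src, _ in events:
        by_host[host].append((ts, src))

    flagged = {}
    for host, evs in by_host.items():
        evs.sort()                      # order by time within the host
        best = set()
        for i, (t0, _) in enumerate(evs):
            # Distinct sources firing in [t0, t0 + window].
            in_window = {src for ts, src in evs[i:] if ts - t0 <= window}
            if len(in_window) > len(best):
                best = in_window
        if len(best) >= min_sources:
            flagged[host] = sorted(best)
    return flagged


if __name__ == "__main__":
    print("IRC-only:", irc_only_detections(EVENTS))
    print("Correlated:", correlated_detections(EVENTS))
```

The IRC-only view flags three hosts, two of them false positives, and would go blind if the controller moved off IRC; the correlated view flags 10.0.0.5 and 10.0.0.9 on the basis of scanning and attack evidence that does not depend on seeing the C&C channel at all. In practice the sources would be real feeds (darknet sensors, honeypots, flow records) and the window and threshold would be tuned to the noise level of each feed.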